Question on permissions
IzzySoft opened this issue · 4 comments
My scanner got some additional checks recently, and reported on today's update:
! repo/com.zacharee1.systemuituner_356.apk declares sensitive permission(s): android.permission.QUERY_ALL_PACKAGES android.permission.SYSTEM_ALERT_WINDOW
Could you please clarify what those are needed for? Thanks in advance!
QUERY_ALL_PACKAGES
is used to show all installed applications and Activities for features like the Lock Screen Shortcuts and the Immersive Mode include/exclude lists.
SYSTEM_ALERT_WINDOW
is optional, and used to work around background launch restrictions on later Android versions to let Persistent Options properly start on boot.
Thanks! Added to the allow list then:
If you want reasons for the other permissions to be shown there as well, be welcome to list them here and I'll add them.
As for the DEPENDENCY_INFO_BLOCK
: Mind to get rid of that?
android {
dependenciesInfo {
// Disables dependency metadata when building APKs.
includeInApk = false
// Disables dependency metadata when building Android App Bundles.
includeInBundle = false
}
}
For some background: that BLOB is supposed to be just a binary representation of your app's dependency tree. But as it's encrypted with a public key belonging to Google, only Google can read it – and nobody else can even verify what it really contains.
I have explanations for most permissions in the terms doc: https://github.com/zacharee/Tweaker/blob/master/app/src/main/assets/terms.md.
For the blob thing, I can add that block to exclude it I think. I wish Google would stop being so ridiculous with this stuff.